Deepfake ‘face swap’ attacks surged 704% last year, study finds
Deepfake “face swap” attacks skyrocketed by 704% from the first to the second half of 2023, according to new research.
Analysts at iProov, a British biometric firm, attributed the surge to the growing accessibility of sophisticated generative AI tools.
With their ability to manipulate key traits of an image or video, face swaps made with GenAI are difficult to detect.
They’re also user-friendly and affordable. To create convincing face swaps, all you need is off-the-shelf software. The manipulated or synthetic output is then fed to a virtual camera.
“There has been a proliferation in face swap tools making it very easy to create, and inject, face swaps with very little technical knowledge,” Dr Andrew Newell, Chief Scientific Officer at iProov, told TNW.
“Knowledge of these tools is spreading quickly through the information sharing forums, along with techniques to bypass many existing defences.”
Concealing deepfake crimes
SwapFace and DeepFaceLive are the most popular tools for bad actors, according to iProov.
Attackers often combine them with emulators — which mimic a user’s device, such as a mobile phone — alongside other metadata manipulation methods.
By using these tools, crooks can hide the evidence of virtual cameras, which makes the face swaps harder to detect.
Identity fraudsters have quickly exploited this vulnerability. From H1 to H2 last year, the use of deepfake media alongside metadata spoofing soared by 672%. In that same period, there was a 353% increase in threat actors using emulators.
Collaboration is also on the up. Of the groups identified by iProov’s analysts, almost half (47%) were created in 2023.
Face swaps in the headlines
iProov’s research arrives just days after one of the biggest deepfake scams in history.
A finance worker in Hong Kong was duped into transferring HK$200mn (€23.8mn) to conmen posing as her colleagues in a video call, according to Chinese police. Other than the victim, everyone on the call was a digital recreation of a real staff member.
“Whilst it has not been confirmed, it is likely that this attack used face swap technology, which provides the threat actors with a very high level of control over the resulting deepfake video, combined with injection techniques to make it appear as if the video on the call was coming from a real camera,” Newell said.
“These are the tools that we have identified in our report as representing a very significant threat.”
Four years after researchers highlighted deepfakes the most worrying AI crime, their anxieties are becoming reality.